<?php
ob_start();
session_start();
error_reporting(0);
set_time_limit(0);
require_once("includes/dbconfig.php");
require_once("includes/functions.php");
require_once("classes/class.authentication.php");
require_once("classes/class.user.php"); //include user class
require_once("libs/Smarty.class.php");
require_once("includes/settings.php");

define('DIRECTORY_SEPARATOR', '/');

// This file will be used to upload files 
$template = new Smarty;
$Auth = new Authentication;

if(!$Auth->checkAuth()) // if user isn't logged in
{
    header("location: index.php");
   	exit;
}


$template->assign("messages_enabled", ALLOW_MESSAGING);
$template->assign("SITE_URL", SITE_URL);
$template->assign("SITE_NAME", SITE_NAME);
$template->assign("SITE_KEYWORDS", urldecode(SITE_KEYWORDS));
$template->assign("SITE_DESCRIPTION", urldecode(SITE_DESCRIPTION));

$uid = $Auth->getLoggedId();
$template->assign('script', 'upload');


if($Auth->checkAuth()) // if user is logged in then assign smarty vars ..
{

	$uloggedId = $Auth->getLoggedId();
	$Loggeduser = __User::getById($uloggedId);
	$uid = $uloggedId; 
	if(!$Loggeduser)
	{
	    die("Invalid User");
	}

	$uloggedUser = $Loggeduser->username;
	$template->assign('uloggedUser', $uloggedUser);
	$template->assign('uloggedId', $uloggedId);
	require_once("includes/stats.php");
	
	
	
}


if(isset($_REQUEST["name"])){

// HTTP headers for no cache etc
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// Settings
$targetDir = "HST_USR_UPLOADED_FILES__DIR/hst_uploaded_files";
//$targetDir = 'uploads';

$cleanupTargetDir = true; // Remove old files
$maxFileAge = 5 * 3600; // Temp file age in seconds

// 5 minutes execution time
@set_time_limit(5 * 60);

// Uncomment this one to fake upload time
// usleep(5000);

// Get parameters
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';

// Clean the fileName for security reasons
$fileName = preg_replace('/[^\w\._]+/', '_', $fileName);

// Make sure the fileName is unique but only if chunking is disabled
if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
	$ext = strrpos($fileName, '.');
	$fileName_a = substr($fileName, 0, $ext);
	$fileName_b = substr($fileName, $ext);

	$count = 1;
	while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b))
		$count++;

	$fileName = $fileName_a . '_' . $count . $fileName_b;
}


$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;



// Create target dir
if (!file_exists($targetDir))
	@mkdir($targetDir);

// Remove old temp files	
if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
	while (($file = readdir($dir)) !== false) {
		$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;

		// Remove temp file if it is older than the max age and is not the current file
		if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge) && ($tmpfilePath != "{$filePath}.part")) {
			@unlink($tmpfilePath);
		}
	}

	closedir($dir);
} else
	die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
	


// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
	if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
		// Open temp file
		$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
		if ($out) {
			// Read binary input stream and append it to temp file
			$in = fopen($_FILES['file']['tmp_name'], "rb");

			if ($in) {
				while ($buff = fread($in, 4096))
					fwrite($out, $buff);
					
								
					
			} else
				die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
			fclose($in);
			fclose($out);
			@unlink($_FILES['file']['tmp_name']);
		} else
			die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
	} else
		die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');

// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) {
	
	// Strip the temp .part suffix off 
	rename("{$filePath}.part", $filePath);		
	
	
    ///---------------
		$filename = $fileName;
		$ext = substr($filename,strrpos($filename, ".")); 	
		
		if(preg_match('/\.(php|pl|py|cgi|asp|js)/i', $ext) && $ext != '.txt')
		{
            $ext = ".txt";
			$filename = $fileName.".txt";
		}
		
		
		$newFileName = substr(md5(strtotime('now').uniqid()), 0, rand(7,12)).strtotime('now');
		$newFileName = urlencode($newFileName).$ext;
	    $filesize = filesize($filePath);
       ////---------------
	   
	   
	   rename($filePath,  $targetDir . DIRECTORY_SEPARATOR . $newFileName);	

	$code = substr(md5("f_".strtotime('now').uniqid()), 0, rand(5,12));
	while(mysql_num_rows(mysql_query("SELECT id FROM files WHERE `code` = '$code'")))
	{
		$code = substr(md5("f_".strtotime('now').uniqid()), 0, rand(5,12));
	}
		
	
				
	//insert file record into database
	if(mysql_query("INSERT INTO files VALUES (NULL, '$uid', '$filename', '$newFileName', '$code', '$filesize', 0, 0, NOW(), NULL,  0, NULL, 'local', NULL, NULL)"))
	{
		die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
	}else
	die('{"jsonrpc" : "2.0", "error" : {"code": 420, "message": "File upload failed."}, "id" : "id"}');	
	

}


}else
{
    $template->display('upload.tpl.php');
}

?>